<?php

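// Merge every request source into one lookup table. array_merge() lets later
// arguments win on duplicate string keys, so precedence here is
// GET < POST < SESSION < COOKIE.
//
// SECURITY: a client-set cookie therefore overrides a server-side session
// value stored under the same key, and nothing downstream can tell which
// source an entry came from. Treat every value read from $request as
// attacker-controlled.
//
// $_SESSION only exists once a session has been started. No session_start()
// is visible in this file, so fall back to an empty array instead of handing
// array_merge() a non-array (which makes the whole merge fail).
$request = array_merge(
    $_GET,
    $_POST,
    isset($_SESSION) ? $_SESSION : array(),
    $_COOKIE
);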

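/**
 * Minimal wrapper around the legacy mysql_* API for reading the `users` table.
 *
 * NOTE: the mysql_* extension was removed in PHP 7.0. Moving to PDO or mysqli
 * with prepared statements is the durable fix for the query building below,
 * but it requires changing select()'s interface and its callers.
 */
class db {
    /**
     * Raw SQL condition. It is never trusted after deserialization; see
     * __wakeup().
     */
    public $where;

    /**
     * Runs when an instance is rebuilt by unserialize().
     *
     * This hook used to pass the restored $where straight to select(). A
     * serialized object's properties are chosen by whoever produced the
     * serialized string, so deserializing untrusted input executed
     * caller-chosen SQL. The query result was discarded, so dropping the call
     * loses no functionality. The restored condition is cleared so that no
     * later code can run it by accident.
     */
    public function __wakeup() {
        $this->where = null;
    }

    /**
     * Fetch the first row of `users` matching a condition.
     *
     * SECURITY: $where is concatenated into the statement verbatim. Callers
     * must build it only from constant SQL and values escaped for the current
     * connection; never pass request data through unescaped.
     *
     * @param string $where SQL condition placed after WHERE.
     * @return array|false The first matching row, or false when the query
     *                     fails or matches nothing.
     */
    public function select($where) {
        $result = mysql_query('SELECT * FROM `users` WHERE ' . $where);

        // Handle a failed query explicitly instead of hiding the resulting
        // warning with the @ operator.
        if ($result === false) {
            return false;
        }

        return mysql_fetch_array($result);
    }
}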


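// Decode the client-supplied login token. $login stays null unless the token
// decodes to an array with a string `user` field.
//
// SECURITY: the token arrives from the client and carries no signature or MAC,
// so every field in it is chosen by the sender. unserialize() also
// instantiates any object encoded in the input and runs its magic methods
// (e.g. __wakeup) *before* the is_array() check below is reached. The robust
// fix is to change the token format at the issuer (not visible in this file):
// use an HMAC-signed value or plain JSON instead of PHP serialization. On
// PHP >= 7.0, passing array('allowed_classes' => false) as the second argument
// to unserialize() also blocks object instantiation.
$login = null;
if (isset($request['token']) && is_string($request['token'])) {
    // Strict mode rejects characters outside the base64 alphabet.
    $packed = base64_decode($request['token'], true);

    // Cap the inflated size so a tiny token cannot expand into a huge buffer.
    // 8192 is a chosen bound; set it to the largest legitimate token size.
    $serialized = ($packed === false) ? false : gzuncompress($packed, 8192);

    if ($serialized !== false) {
        // The original line was missing a closing parenthesis here, which made
        // the whole file a parse error.
        $decoded = unserialize($serialized);

        if (is_array($decoded) && isset($decoded['user']) && is_string($decoded['user'])) {
            $login = $decoded;
        }
    }
}

if ($login !== null) {
    $claimedPass = isset($login['pass']) ? $login['pass'] : null;

    $db = new db();
    $row = $db->select('user=\'' . mysql_real_escape_string($login['user']) . '\'');
    $storedPass = (is_array($row) && isset($row['pass'])) ? $row['pass'] : null;

    // Strict comparison: with `==`, non-string values could equal 'hello'
    // through type juggling.
    if ($login['user'] === 'hello') {
        // NOTE(review): this branch depends on the `user` field alone; the
        // password comparison below is never consulted for it. With an
        // unsigned token, confirm that is intended.
        // NOTE(review): $flag is not defined in the visible source;
        // presumably set by an including file. Verify.
        echo $flag;
    } else if ($storedPass !== $claimedPass) {
        // NOTE(review): `pass` is compared directly against the stored column,
        // which suggests passwords are stored unhashed. Verify.
        echo 'unserialize injection!!';
    } else {
        // NOTE(review): also reached when no row matched and the token had no
        // `pass` (null compared with null). Confirm that is acceptable.
        echo "(ಥ_ಥ)";
    }
} else {
    // Missing or malformed token: send the client back to the login page.
    header('Location: index.php?error=1');
}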

